FCPA Summer Review 2018
The pace of announced enforcement actions involving the Foreign Corrupt Practices Act (FCPA) increased somewhat in the second quarter of 2018. From March to June of 2018, the Department of Justice (DOJ) and the Securities and Exchange Commission (SEC) reached settlements with four companies and their affiliates – Dun & Bradstreet, Inc. (D&B), Panasonic Corporation (Panasonic) and its subsidiary Panasonic Avionics Corporation (PAC), Société Générale S.A. (Société Générale) and its subsidiary SGA Société Générale Acceptance N.V. (SGA), and Legg Mason Inc. (Legg Mason) – collecting a total of $527 million in criminal fines, disgorgement, and other penalties. These four settlements made the second quarter of 2018 the busiest yet under the Trump Administration, in terms of both the number of corporate enforcement actions concluded and the total penalties collected. By way of example, last quarter saw only three announced corporate enforcement actions, each with penalties ranging from $500,000 to $2 million.
Notably, all four of this quarter's corporate enforcement actions arose out of investigations launched under the previous Obama Administration – in some cases as early as 2012 – for conduct that occurred even earlier. In fact, all four cases appear to be part of a broader trend of the DOJ and SEC focusing on wrapping up long-running FCPA investigations initiated in previous administrations. This quarter, perhaps the best examples of this trend are the Société Générale and Legg Mason enforcement actions, both of which arise out of an investigation launched into alleged misconduct involving the Gaddafi regime in Libya, which was deposed in 2011. Similarly, last quarter, the DOJ reached settlements with the Canadian-based mining company Kinross Gold Corporation and Maryland-based nuclear transport company Transport Logistics International, Inc., both of which engaged in misconduct that took place before 2014.
This focus on wrapping-up long-running investigations is consistent with the DOJ's and SEC's acknowledged efforts to speed up FCPA investigations. For example, in April 2017, then-Acting Principal Deputy Assistant Attorney General Trevor McFadden remarked that the DOJ had hired additional trial attorneys "to help investigate cases more quickly" and that his intent was for "FCPA investigations to be measured in months, not years." As a part of this focus on faster investigations, McFadden further noted that he and other key DOJ leadership had decided to "focus on wrapping up old investigations." Similarly, SEC Enforcement Division Co-Director Steven Peikin reiterated in a November 2017 speech that his agency was "redoubling our efforts to bring cases as quickly as possible," an approach that "makes sense because our cases have the highest impact, and our litigation efforts are most effective, when we bring our cases close in time to the alleged wrongful conduct." Both agencies' attention to the issue of long-running investigations may help explain this quarter's completion of the long-running D&B, Panasonic, Société Générale, and Legg Mason investigations.
The DOJ's and SEC's focus on speedier investigations dovetails with two other current policy initiatives – namely, the agencies' greater willingness to provide declinations from prosecution for companies that self-disclose, cooperate, and remediate (discussed in our FCPA Autumn Review 2017), as well as the agencies' enforcement focus on individual wrongdoers within a company (initially discussed in our FCPA Autumn Review 2015). Taken together, these three policies hold some promise for compliance-focused companies, allowing them to more quickly and easily resolve any misconduct they discover and report.
At the same time, as this quarter's enforcement actions also demonstrate, both the DOJ and SEC face some potentially significant hurdles in their efforts to speed up investigations. An increasingly significant source of potential delay is the agencies' coordination of anti-corruption settlements with enforcement authorities across jurisdictions, which can require more time and effort and can raise challenges when legal principles or enforcement approaches are not aligned. For example, this quarter, the DOJ and the Parquet National Financier (PNF) in Paris coordinated a joint settlement worth $585 million with Société Générale, which likely required significant cooperation between the two agencies. In addition, legal and regulatory developments in several countries that are involved in international anti-corruption cooperation likely will create additional challenges for multinational enforcement and for companies' internal investigations, which often are a critical factor in advancing resolutions to conclusion. The EU's new General Data Privacy Regulation (GDPR), discussed below, may well create additional time-consuming hurdles to accessing witnesses and documents in key jurisdictions outside the United States. The GDPR joins other existing national data privacy and national security-based restrictions on access to information in various countries that have been involved in past FCPA-related enforcement actions, such as Russia and China. In addition, recent cases in the United Kingdom and Germany have created a wider gulf between the treatment of the attorney-client privilege in the United States and Europe, which may well affect the coordination of internal investigations by companies.
Corporate Enforcement Actions
Besides originating out of relatively long-running investigations, this quarter's four corporate enforcement actions revisit many of the features often observed in FCPA cases. For example, the D&B settlement once again demonstrates the risk of failing to implement proper anti-corruption measures in a joint venture or newly acquired subsidiary, while the Panasonic settlements emphasize the importance of adequate controls for discretionary executive spending. Similarly, as noted above, the Société Générale settlement is another example of the major and continuing trend of authorities from different jurisdictions coordinating enforcement actions and splitting penalties.
- Dun & Bradstreet: On April 23, 2018, the SEC issued a Cease-and-Desist Order to business intelligence provider D&B, whereby the company agreed to pay a total of approximately $9 million to settle alleged FCPA books-and-records and internal-accounting-controls violations. According to the SEC's Order, D&B failed to ensure that employees at two of its China affiliates – a joint venture with a Chinese partner and a recently acquired Chinese subsidiary – had not made improper connections to government officials to obtain corporate and personal data useful for D&B's business intelligence products. The SEC Order further notes that D&B disclosed the alleged improprieties to U.S. authorities after a raid by Chinese police in 2012, suggesting that the misconduct ceased at that time and the investigation has been ongoing ever since. The D&B settlement is discussed in greater detail below.
- Panasonic Corporation and Panasonic Avionics Corporation: On April 30, 2018, the DOJ announced a Deferred Prosecution Agreement (DPA) with the California-based manufacturer of in-flight entertainment and aircraft communications systems PAC. Simultaneously, the SEC published a Cease-and-Desist Order to PAC's Japan-based parent, Panasonic. Altogether, Panasonic and PAC paid the U.S. government $280 million in penalties. The allegations at the center of the case arose out the company's "Office of the President Budget," a fund for executive travel, corporate entertainment, and consultancy expenses. For example, according to the DOJ's DPA, PAC executives used this fund to make payments to a consultant with improper connections to a Middle East state-owned airline from 2008 to 2014 – payments that were then illegitimately rolled up into the parent company Panasonic Corporation's filings with the SEC. Interestingly, the DOJ's charges against PAC were for "causing" its parent Panasonic to violate the books-and-records and internal controls provisions of the FCPA, while the SEC's charges against Panasonic itself included violations of the anti-bribery and accounting provisions of the FCPA itself, as well as of other U.S. securities and tax laws. The PAC and Panasonic dispositions are discussed in greater detail below.
- Société Générale and SGA Société Générale Acceptance N.V.: On June 4, 2018, the French financial services company Société Générale and its subsidiary SGA reached agreements worth $586 million with the DOJ and the French Parquet National Financier (PNF), thereby settling charges that an intermediary acting on the company's behalf had made payments to a close relative of Libyan leader Muammar Gaddafi from about 2006 to 2009 to influence the Libyan government to invest with Société Générale. Of this $586 million, Société Générale and SGA will pay a total of $293 million under a DPA with the DOJ resolving FCPA anti-bribery conspiracy charges, with the remainder of the penalty to be paid to French authorities, making Société Générale one of the largest penalties ever to be split between multiple jurisdictions. Furthermore, the $586 million in anti-corruption penalties were part of a broader $1.3 billion settlement with the DOJ, PNF, and U.S. Commodity Futures Trading Commission, which also included charges that Société Générale had helped to manipulate the London Inter-bank Offered Rate (Libor), a U.K. benchmark interest rate that has been at the center of numerous criminal charges against large financial institutions. The investigation into both the Libyan payments and Libor manipulation appears to have been ongoing since at least 2014, when the post-Gaddafi Libyan government first publicly accused Société Générale of funneling bribes to Gaddafi family members. The Société Générale and SGA dispositions are discussed in greater detail below.
- Legg Mason: Also on June 4, 2018, the DOJ announced a Non-Prosecution Agreement (NPA) with the Baltimore, Maryland-based investment management firm Legg Mason, whereby the company agreed to pay $64.2 million and the DOJ agreed not to prosecute the company for any FCPA-related offenses arising out the same Libyan bribery scheme that was the basis of the Société Générale settlement. Specifically, a Legg Mason subsidiary, Permal Group Ltd. (Permal), had partnered with Société Générale to solicit business from Libyan state-owned institutions between 2004 and 2010, with Société Générale allegedly maintaining the relationship with the Gaddafi family member at the center of the scheme and Permal managing the investments made by the Libyan institutions. The Legg Mason settlement is discussed in greater detail below.
Finally, on June 6, 2018, Credit Suisse Hong Kong Ltd. – the Hong Kong subsidiary of the Swiss investment bank Credit Suisse Group AG – announced that it had reached a $47 million settlement to resolve an investigation into hiring practices in the Asia Pacific region between 2007 and 2013. A month later, on July 5, the DOJ confirmed the $47 million settlement with Credit Suisse Hong Kong Ltd. and released the underlying NPA, while the SEC announced its own $30 million Cease-and-Desist Order with the Credit Suisse Group AG. According to the DOJ's NPA and the SEC's Cease-and-Desist Order, from 2007 to 2013, senior managers at Credit Suisse Hong Kong Ltd. engaged in a practice of hiring, promoting, and retaining candidates based solely on relation to or referral from government officials at Chinese state-owned entities that were clients of the investment bank. Because the DOJ and SEC did not confirm the Credit Suisse settlements until July 5, we will provide a detailed analysis of the Credit Suisse settlement in our upcoming FCPA Autumn Review 2018, which will focus on third quarter FCPA activity.
Individual Enforcement Actions
Individual enforcement actions also continued apace in the second quarter of 2018, with the announcement of two new FCPA-related convictions, on par with the average over the past twelve months. As with the corporate enforcement actions, this quarter's individual guilty pleas arose out of long-running investigations, both of which have previously led to guilty pleas or jury convictions of other individuals.
- On April 4, 2018, Julia Vivi Wang, a naturalized U.S. citizen who served as an executive at a media platform covering United Nations sustainable development efforts, pled guilty to one count of conspiracy to violate the FCPA, one count of violating the FCPA, and one count of submitting fraudulent tax returns. Wang's conviction, discussed in greater detail below, arose out of an alleged U.N. influence-peddling scheme from 2011 to 2014, which has thus far resulted in six convictions, including FCPA-related convictions of the Macau, China-based billionaire Ng Lap Seng and former U.N. Deputy Ambassador from the Dominican Republic Francis Lorenzo.
- On April 13, 2018, Lawrence W. Parker Jr., a U.S. citizen who owned or controlled at least five Florida-based telephone companies, pled guilty to one count of conspiracy to violate the FCPA and commit wire fraud. Parker's conviction, discussed in greater detail below, is one of several to arise out of alleged payments made from 2005 to 2015 to win contracts from Servicio di Telecommunicacion di Aruba N.V., a telecommunications carrier owned by the government of Aruba.
Investigations Closed Without Enforcement
Miller & Chevalier tracks investigations closed without enforcement action, i.e., investigations that the DOJ and SEC have launched but then resolved without a DPA, NPA, Cease-and-Desist Order, guilty plea, or conviction. Miller & Chevalier's tracking of such investigations relies on public statements by companies, statements by the DOJ or SEC, or companies' disclosure of such investigations in their securities filings. As such, our tracking is necessarily incomplete, because some companies may elect never to make public either the launch of a DOJ or SEC investigation or its resolution without enforcement action. Nevertheless, tracking investigations closed without enforcement provides a useful data point for assessing the enforcement climate.
This quarter, we tracked five investigations closed without enforcement related to four companies, a number that is on par with the average number over the last five years. As with this quarter's corporate and individual enforcement actions, all of the investigations ending without enforcement actions appear to have been initiated under the previous administration. In contrast, at least two of the investigations closed without enforcement last quarter appear to have been launched and concluded during the current administration – Cobalt International Energy, Inc. and Teradata Corporation. In addition, one of the five investigations closed without enforcement this quarter – involving D&B – is the first formal investigation under the DOJ's FCPA Corporate Enforcement Program.
This quarter's investigations closed without enforcement are:
- Dun & Bradstreet: In addition to the Cease-and-Desist Order from the SEC noted above and discussed below, D&B also received a formal declination from the DOJ for the same conduct. On April 23, 2018, the company received a letter from the DOJ stating the following: "[w]e write regarding the investigation by the Department of Justice, Criminal Division, Fraud Section and the United States Attorney's Office for the District of New Jersey (collectively, the "Department") into your client The Dun & Bradstreet Corporation (the "Company") concerning violations of the Foreign Corrupt Practices Act, 15 U.S.C. § 78dd-1, et seq. Based upon the information known to the Department at this time, we have declined prosecution consistent with the FCPA Corporate Enforcement Policy." As discussed in greater detail below, the DOJ also publicly released the letter to the company, marking the first published formal declination under the Department's November 2017 FCPA Corporate Enforcement Policy.
- Millicom International Cellular SA: In a statement made on April 24, 2018, the Luxembourg-based telecommunications company noted, "[i]n October 2015, Millicom voluntarily reported to the U.S. Department of Justice potential improper payments made on behalf of the company's joint venture in Guatemala and, since then, has cooperated fully with the Justice Department's investigation. Yesterday, the Justice Department informed Millicom that it is closing its investigation."
- Transocean Ltd.: On May, 1, 2018, the Swiss offshore drilling company filed a Form 10-Q stating, "[w]e previously disclosed that we completed an internal investigation into statements made by a former employee of Petroleo Brasilerio S.A. ("Petrobras") related to the award to us of a drilling services contract in Brazil, and that our investigation did not identify any wrongdoing by any of our employees or agents in connection with our business. We further disclosed that we had voluntarily met with governmental aurthorities [sic] in the U.S. to discuss the statements made by the former Petrobras employee, our internal investigation, as well as our findings. On March 5, 2018, we received a letter from the U.S. Securities and Exchange Commission ("SEC") Division of Enforcement stating that the SEC's investigation had been concluded and that the SEC did not intend to recommend any enforcement action against Transocean by the SEC. On April 4, 2018, we received a letter from the U.S. Department of Justice ("DOJ") stating that the DOJ had closed its inquiry into the matter. Based upon our findings and the statements from the SEC and DOJ, we do not expect further inquiries from U.S. governmental authorities regarding this matter." In a previous Form 10-Q filed on November 1, 2017,Transocean acknowledging launching an internal investigation into the Petrobras award in 2015.
- United Technologies Corporation: In a Form 10-Q filed on April 27, 2018, the U.S.-based conglomerate stated the following: "[a]s previously disclosed, in December 2013 and January 2014, UTC made voluntary disclosures to the United States Department of Justice (DOJ), the Securities and Exchange Commission (SEC) Division of Enforcement and the United Kingdom's Serious Fraud Office to report the status of its internal investigation regarding a non-employee sales representative retained by United Technologies International Operations, Inc. (UTIO) and IAE for the sale of Pratt & Whitney and IAE engines and aftermarket services, respectively, in China. On April 7, 2014, the SEC notified UTC that it was conducting a formal investigation and issued a subpoena to UTC. The SEC issued a second subpoena on March 9, 2015, seeking documents related to internal allegations of violations of anti-bribery laws from UTC's aerospace and commercial businesses, including but not limited to Otis businesses in China. On March 7, 2018, the DOJ notified UTC that it had decided to close its investigation of this matter. We have engaged in discussions with the SEC staff to resolve this matter. Because these discussions are ongoing, we cannot predict the outcome or the consequences thereof at this time."
Litigation and Policy Developments
The quarter also saw several U.S.-based litigation developments that may impact FCPA investigations in the future. In March and June of this year, a judge for the United States District Court for the District of Columbia ruled in two separate cases that the DOJ must disclose FCPA-related documents to journalists under the Freedom of Information Act (FOIA). The ruling serves as a reminder that companies cannot always rely on strict confidentiality for documents filed with the agency. Notably, the judge required the DOJ to disclose, among other things, the names of candidates that companies had nominated as compliance monitors after reaching settlements with the DOJ, as well as a different group of compliance monitors' work plans, reviews, and reports.
On June 21, 2018, the U.S. Supreme Court reached a decision in the much-litigated Lucia v. Securities and Exchange Commission case, holding that the SEC's prior practice of installing its administrative law judges (ALJs) violated the Appointments Clause of the U.S. Constitution. At least in the short term, this decision has resulted in the SEC announcing a stay on all administrative proceedings currently pending before the Commission, giving the Commission time to determine how to handle cases against litigants similarly situated to the plaintiff whose challenge resulted in the Court's ruling.
Finally, on the policy side, on May 9, 2018, the DOJ issued a formal policy that directs the agency's prosecutors to coordinate with U.S. and foreign enforcement authorities in order to avoid duplicative penalties for the same corporate misconduct – sometimes referred to informally as the "piling on" problem. Although the new policy is consistent with the agency's past practices – apparent through the uptick in coordinated multinational resolutions over the past two years – its formal incorporation into the U.S. Attorneys' Manual is likely to encourage more coordinated settlements in the future.
Finally, the quarter saw several international litigation- and policy-related developments that may complicate the conduct of cross-border anti-corruption investigations. In April, two judges in an English intermediate appellate court issued a decision implying that interview notes of attorneys prepared in connection with an internal investigation related to the U.K. Serious Fraud Office's 2016 DPA with the as-yet undisclosed "XYZ Company" do not enjoy attorney-client privilege under English law, in contrast to the general U.S. rule that such notes are privileged and thus protected from compelled disclosure. Similarly, on July 6, 2018, the German Federal Constitutional Court held that Munich prosecutors could examine documents seized during a 2017 raid of the German offices of U.S. law firm Jones Day – collected during an internal investigation into allegations that the German automaker Volkswagen AG had manipulated emissions testing results – without violating German laws analogous to the United States' attorney-client privilege. Both decisions represent a potentially significant divide from U.S. practice and precedent governing internal investigations, and may undermine international cooperation efforts being promoted by U.S. and European enforcement agencies.
In May, the European Union implemented the new General Data Protection Regulation (GDPR), imposing additional, more restrictive rules on the handling of "personal data" – defined to include almost all digital information that could be used to identify a person. Although most GDPR coverage has focused on the regulation's effect on large technology companies such as Google and Facebook, the GDPR's broad definition of "personal data" will cover much of the information collected during cross-border investigations as well, including e-mails and internal company documents. To complicate matters, the collection of precisely such data may often be required for companies to be eligible for a declination under the U.S. DOJ's FCPA Corporate Enforcement Policy, potentially creating a tension between complying with the E.U. data privacy law and receiving credit for cooperation with U.S. authorities.
Both the U.K. court's decision on the XYZ interview notes and the European Union's GDPR are discussed in greater detail below. We will provide additional analysis of the trends in German law protecting client confidentiality in our next FCPA Review.
Panasonic and Affiliate Panasonic Avionics Corporation Settle with DOJ and SEC in Connection with FCPA and Accounting Fraud Scheme
On April 30, 2018, the DOJ announced a DPA with Panasonic Avionics Corporation (PAC) under which the California-based manufacturer of in-flight entertainment and aircraft communications systems agreed to pay a total criminal penalty of $137 million to settle charges that it had knowingly and willfully caused its parent company, Panasonic Corporation (Panasonic), to violate the FCPA's books-and-records and internal-controls provisions. The same day, the SEC announced a Cease-and-Desist Order (SEC Order) with Panasonic, under which the Japan-based electronics company agreed to pay $127 million in disgorgement and $16 million in prejudgment interest to settle charges that Panasonic had violated the anti-bribery and accounting provisions of the FCPA, as well as the manipulative/deceptive practices, reporting, and internal accounting control provisions of Section 10(b) of the Securities Exchange Act of 1934 (the Exchange Act) and the SEC's anti-fraud Rule 10b-5. In addition, PAC accepted the imposition of a two-year independent compliance monitor by the DOJ.
PAC is headquartered in California, making the company a domestic concern for the purposes of the FCPA. Until 2013, Panasonic's shares were traded on the New York Stock Exchange (NYSE) and Panasonic was an "issuer" for the purposes of the FCPA at the times relevant to the DPA and SEC Order.
The DOJ and SEC charges arose out of allegedly improper payments made out of PAC's "Office of the President Budget," a fund for executive travel, corporate entertainment, and consultant expenses that was set up and managed by PAC executives, with little or no review or approval by Panasonic personnel. From 2007 to 2013, PAC allegedly made improper payments out of this fund to consultants who were formally retained and paid through a third-party vendor that provided otherwise unrelated services to PAC and had little role in managing or otherwise working with the consultants.
For example, one such consultant, engaged from 2008 to 2014, was a former senior contracting official at a state-owned Middle Eastern airline, who allegedly assisted PAC in winning approximately $93 million in business arising out of an expansion of a pre-existing contract to provide in-flight entertainment systems. According to the disposition papers, PAC began negotiations to hire the potential consultant in April 2007 and made him a formal offer in October 2007 – while he was still serving as a contracting official for the airline. After PAC won the first stage of the contract expansion in November 2007, the former official retired from the airline and was formally retained by PAC in April 2008. Between 2008 and 2014, PAC allegedly paid the former contracting official a total of $875,000, during which time he provided little, if any, meaningful work; indeed, the disposition documents note that PAC's own Internal Audit Department was unable to find any deliverables produced by him. The payments to the former official were listed as legitimate consulting expenses in PAC's books and records, which were rolled up into Panasonic's books and records.
Similarly, in October 2007, PAC allegedly retained a consultant who had previously been retained as a consultant by a U.S.-based airline, one of PAC's largest customers. While working as a consultant for both PAC and the U.S.-based airline, the individual allegedly disclosed non-public, inside, or other sensitive information to PAC, including internal communications about PAC between the airline's employees, information about PAC competitors' pricing, and information on negotiations between the U.S. airline and PAC's competitors. Over a five-year period, PAC paid $825,000 to this consultant, all out of the Office of the President Budget. Panasonic subsequently accounted for these payments as legitimate consulting expenses in its books and records even though, according to the DPA, the payments lacked sufficient documentation to substantiate legitimate consulting services. Despite these alleged improprieties in the relationship with the consultant, a PAC executive certified in Sarbanes-Oxley certifications that "no deficiencies have been identified and the internal control[s] over financial reporting have effectively functioned in [the] company." From April 2008 to March 2013, PAC reportedly earned approximately $22 million in the scope of its relationship with the U.S. airline.
The DPA and SEC Order also note PAC's practices regarding sales agents in China and other parts of Asia. From 1999 to 2006, PAC engaged third-party sales agents in the region, paying these agents' commissions of between six and ten percent to obtain and manage contracts with state-owned airlines. According to the government's documents, starting in 2007 PAC began improving its internal controls for the retention of third parties, in part by terminating relationships with certain sales agents that did not pass anti-bribery due diligence conducted by outside provider TRACE International. However, certain PAC employees allegedly rehired these terminated agents, in secret, as "sub-agents" of an agent that had obtained a TRACE certification. As a result, Panasonic improperly recorded approximately $7 million in payments in its books and records.
Apart from the alleged FCPA-related misconduct, the SEC also determined that Panasonic fraudulently overstated pre-tax and net income in violation of Section 10(b) of the Exchange Act and Rule 10b-5 thereunder. In particular, to recognize revenue from certain contracts before such contracts actually were signed, PAC backdated those contracts. Panasonic subsequently consolidated PAC's improperly recognized revenue and related pre-tax and net income for the first quarter of 2012 in its consolidated financial statements for the same quarter, which resulted in Panasonic's material misstatement of pre-tax income by approximately $38.5 million and net income by approximately $22.4 million.
Pursuant to the DPA, the DOJ did not provide PAC with voluntary disclosure credit because the company made disclosures after the SEC had submitted a related document request to Panasonic, and because the disclosure took place several years after PAC and Panasonic had been notified of the allegations through a whistleblower. According to the DOJ, PAC "took steps to investigate internally but chose not to voluntarily report." Nevertheless, the DOJ did provide PAC with some credit for its cooperation, including through factual presentations to the DOJ, sharing facts learned during witness interviews, making employees available for interviews, proactively sharing material information, providing evidence from multiple jurisdictions, disclosing other conduct in the Middle East, firing senior executives engaged in the misconduct, and enhancing its compliance program and internal controls. Based on these factors and consistent with the FCPA Corporate Enforcement Policy, the DOJ determined that PAC was entitled only to a 20 percent reduction of the bottom of the U.S. Sentencing Guidelines range. In addition, the DOJ noted that "the imposition of a two-year independent compliance monitor is sufficient but not greater than necessary" under the circumstances, as PAC "has not fully implemented or tested its enhanced compliance program."
- Executive Funds for Travel, Entertainment, and Consultants: Most of the allegations against PAC arose out of payments made from the "Office of the President Budget," a fund for executive travel, corporate entertainment, and consultant expenses that the DOJ and SEC found lacked sufficient financial oversight. Notably, the January 2017 SQM case also involved payments from a discretionary fund created for the office of the CEO, as discussed in our FCPA Spring Review 2017. Of course, the FCPA allows for "reasonable and bona fide" gifts, travel, and entertainment expenses – which might naturally be higher for executives – as well as payments to consultants in exchange for advice, reports, or other legitimate services. However, the Panasonic and PAC settlements demonstrate again that executive funds established for such purposes can be diverted for improper purposes. Companies should ensure that they assess the risk and impose proper controls on executive spending – e.g., through appropriate policies, procedures, and internal accounting controls that cover and monitor gifts, travel, entertainment, and procurement.
- DOJ Chose Not to Bring Anti-Bribery Charges: The FCPA-related charge against PAC was not for violating the FCPA anti-bribery provisions, but rather for "knowingly and willfully" causing its parent company, Panasonic, to violate the accounting provisions of the FCPA by incorporating false information into its SEC filings. At the same time, the SEC did bring anti-bribery charges against Panasonic related to PAC's hiring of the Middle Eastern official who assisted PAC in obtaining and retaining business from a state-owned airline in 2007. The reasons for the lack of an anti-bribery charge against PAC are unclear – possibilities include a lack of sufficient evidence to meet the standards required for a criminal (as opposed to a civil) charge, or the results of negotiations that led to the dispositions.
- Voluntary Disclosure and Cooperation Credit: The Panasonic and PAC settlements make clear some of the challenges companies may face when deciding whether to disclose alleged misconduct to the government. As noted above, PAC reportedly conducted an internal investigation but chose not to voluntarily report, such that the DOJ determined that PAC was only entitled to a 20 percent reduction from the bottom of the U.S. Sentencing Guidelines, despite the company's cooperation in other respects. Under the FCPA Corporate Enforcement Policy, PAC could conceivably have received a full declination had it voluntarily disclosed, paying no fine and only disgorgement. Using the actual penalties and disgorgement paid as estimates for what Panasonic and PAC would have paid in such a scenario, the companies could have saved as much as $137 million by disclosing the results of their internal investigation to the DOJ, assuming that all of the Policy's other requirements were met. Of course, those benefits were not clearly formalized at the time of the actual disclosure decision in this case, and companies still need to consider all of the pros and cons related to such disclosures, including with regard to enforcement agencies and business considerations outside of the United States.
- DOJ Step to Promote Diversity in Monitors: The DPA requires "the imposition of a two-year independent compliance monitor." In connection with the selection of a monitor, the DPA notes that such selection should "be made in keeping with the [DOJ's] commitment to diversity and inclusion." This language had not previously appeared in DOJ FCPA resolutions. We expect the DOJ to include the language in future resolutions requiring a monitor.
- Focus on Aerospace: The Panasonic settlement is one of many enforcement actions against companies operating in the aerospace industry, which can be susceptible to FCPA risk because many aerospace customers are either foreign military organizations or foreign state-owned airlines (making them agencies or instrumentalities and their employees "foreign officials"), as well as because of the extensive and complex regulatory schemes covering aviation, which can create opportunities for improper payments. For example, in October 2016, the Brazilian aircraft manufacture Embraer S.A. agreed to pay a total of $205 million to U.S. and Brazilian authorities to settle charges that the company had made improper payments to officials at a Mozambique state-owned airline, the Dominican Republic Air Force, the Indian Air Force, and a Saudi Arabian state-owned oil company (for the purchase of business jets), as discussed in our FCPA Winter Review 2017. Similarly, in July 2016, LATAM Airlines Group S.A. agreed to pay $22 million to U.S. authorities to resolve allegations that it had made payments to Argentine labor union officials to resolve a collective bargaining dispute, as discussed in our FCPA Autumn Review 2016. Although not an FCPA bribery case, the 2016 Cease-and-Desist Order between the SEC and United Continental Holdings Inc. – the parent company of United Airlines – raised issues similar to Panasonic's charges related to the U.S. consultant discussed above. According to that SEC order, United Airlines allegedly maintained a money-losing route so that a New Jersey government official could more easily travel to his vacation home in South Carolina, resulting in Section 10(b) and FCPA accounting provision charges against United Continental Holdings.
Global Provider of Business Intelligence, Dun & Bradstreet, Settles with SEC for Improper Payments by Third Parties to Obtain Information in China
On April 23, 2018, the SEC announced that business intelligence provider Dun & Bradstreet Corporation (D&B) had reached a settlement to resolve allegations that the company violated the FCPA's books-and-records and internal-accounting-controls provisions. D&B agreed to pay disgorgement of $6,077,820, prejudgment interest of $1,143,664, and a civil penalty of $2 million to the SEC for allegedly improper payments made to Chinese government officials in exchange for business information. D&B is headquartered in Short Hills, New Jersey and trades on the New York Stock Exchange, making it an issuer under the FCPA. On the same day, the DOJ issued a declination "consistent with" its Corporate FCPA Enforcement Policy, such that the company will not face a DOJ enforcement action arising out of the information available to date to the Department regarding the same conduct.
As a global provider of business information to other companies, D&B's business model depends on access to and at times the purchase of commercial information such as credit history, sales and marketing data, and other factors relevant to counterparty risk exposure. According to the SEC Order, D&B's Asia Pacific interests were managed from an office in Singapore and included subsidiaries, joint ventures, and strategic partnerships in China, Taiwan, and Hong Kong, among other countries (this group of subsidiaries is referred to collectively as "D&B Greater China.") According to the SEC Cease-and-Desist Order (the Order), the agency's charges against D&B arose out of efforts by the Company to provide more comprehensive business intelligence for the Chinese market through a 2006 joint venture with an established Chinese business intelligence company – Huaxia Credit Consulting Co., Ltd. (Huaxia) – and the 2009 acquisition of a Chinese direct marketing services provider – Shanghai Roadway D&B Marketing Services Co., Ltd. (Roadway).
In 2006, Dun & Bradstreet International Consultant (Shanghai) Co. Ltd. (D&B China) launched its joint venture with Huaxia, called Huaxia Dun & Bradstreet Business Information Consulting Co. Ltd. (HDBC). The Order states that during D&B China's due diligence review of Huaxia's data acquisition practices, D&B found that Huaxia used its government connections to source financial statement information directly from provincial offices of the Chinese State Administration of Industry and Commerce (SAIC), the Chinese National Bureau of Statistics, lawyers, and other individuals. Huaxia's practice of obtaining information directly from government sources differed from D&B China's practices of using public sources. Furthermore, D&B Greater China's management allegedly understood that Huaxia regularly obtained information through agents that made improper payments to government officials. The Order notes that under Chinese law, business and financial information archived in SAIC offices is highly regulated, and access to SAIC archives is restricted to law enforcement agencies, the judiciary, disciplinary or inspection organization, and law firms in limited representations of clients in lawsuits. Chinese law further specifies that information in SAIC archived files cannot be made public or used for commercial services.
The SEC states that D&B Greater China's management responsible for data acquisition allegedly knew about the commercial use restrictions on SAIC data and understood that Huaxia employees made payments to SAIC provincial officials to obtain access to restricted information. Following the formation of the HDBC joint venture, a D&B China manager allegedly stopped the practice of Huaxia employees making payments directly to SAIC officials, and instead allegedly decided to engage third-party agents to illegally obtain restricted financial statement data, based on the mistaken belief that using third parties would shield D&B China from legal liability. The Order notes that, while there was some subsequent internal debate as to whether D&B China should authorize HDBC employees to purchase data directly from SAIC officials in order to reduce costs, D&B's Greater China management decided to continue using third party agents to make the payments. HDBC's alleged practice of using third-party agents to make payments to obtain restricted information continued from 2006 until mid-2012.
In 2009, D&B acquired the Chinese direct marketing services provider Roadway, by purchasing 90 percent of the shares in the existing company. D&B's pre-acquisition due diligence identified risks related to Roadway's acquisition of a significant amount of data from independent vendors. In light of changes to Chinese criminal laws related to citizens' data privacy in February 2009, including restrictions on organizations that unlawfully obtain personal information from Chinese government entities, D&B noted that it needed to ensure that Roadway's data had been obtained legally. (Notably, changes to Chinese criminal laws related to citizens' data privacy were cited in the arrest of the principals of ChinaWhys, related to the GlaxoSmithKline FCPA investigation.) According to the SEC Order, Roadway refused to warrant that no "rebates" were paid for the data because its sales representatives received payment based on commission, which could "incentivize them to 'share' the commission with the 'decision-maker' at the client in order to 'drum up' business." The Order states that D&B failed to follow up on this assertion and to conduct further due diligence to determine if improper kickbacks were paid to secure business. Further, internal audit reviews post-acquisition did not detect the improper payments.
Post-acquisition, Roadway allegedly continued to use agents to obtain private data in ways that violated Chinese law, which the company used in its marketing. Although the agents supplied D&B with certifications that the consumer data was legally obtained, D&B allegedly failed to audit or otherwise verify the sources from which agents acquired data. In 2012, a Chinese television news program featured a story on a Roadway sales executive, who claimed to have a database with specific financial, employment, and contact information purchased from banks, insurance companies, and real estate agents on over 150 million Chinese citizens. In March 2012, Shanghai police raided the Roadway offices, detained employees responsible for data acquisition, and charged the company with illegally obtaining private information of Chinese citizens. In January 2013, the Chinese government convicted Roadway and five individuals, and Roadway was required to pay approximately $160,000 in criminal fines.
According to the SEC Order, Roadway employees also made over 1,000 improper payments to customer "decision-makers" to obtain personal information between 2009 and 2012; of these payments, 156 were made to Chinese government agencies or state-owned enterprises. The improper payments were allegedly recorded in Roadway's books and records as legitimate promotional and advertisement expenses (pin tui).
D&B self-reported to the SEC and DOJ in March 2012, shortly after the Shanghai police raided the Roadway offices. D&B voluntarily produced documents from overseas, initiated an internal investigation, summarized findings of its internal investigation, translated key documents, provided timely factual summaries of witness interviews, made employees available to the SEC staff, and provided travel for employees to the United States for interviews.
As part of its remedial actions, D&B ceased the business operations of the Roadway subsidiary, discontinued the unlawful practices at HDBC, and terminated eleven D&B employees who were involved in the misconduct, including an officer of D&B China and other senior employees of a subsidiary. D&B also engaged a law firm to review every data vendor and source of data used in China. With respect to its internal accounting and compliance controls, D&B doubled the size of its audit and corporate compliance teams, hired legal and compliance personnel in China, supplemented its anti-corruption policies and procedures (including with respect to third party vendors), conducted anti-corruption training globally, and implemented a system to re-evaluate and supplement its anti-corruption compliance program.
The SEC found that D&B violated the books and records provisions of the FCPA by falsely recording illicit payments to government officials as legitimate data acquisition expenses, and D&B consolidated the false entries in HDBC's and Roadway's books and records in its own books and records. The SEC further found that D&B violated the internal accounting controls provision of the FCPA by failing to devise and maintain a sufficient system of internal accounting controls in its China subsidiaries to prevent and detect improper payments in connection with data acquisitions and sales.
- DOJ Issues First Declination Under Corporate FCPA Enforcement Policy: As noted, citing the Corporate FCPA Enforcement Policy, the DOJ declined to prosecute D&B for violations of the FCPA, "despite the bribery committed by employees of the Company's subsidiaries in China." The DOJ cited a number of factors in its decision to decline prosecution, including D&B's identification of the misconduct, prompt voluntary self-disclosure, thorough investigation, full cooperation (including identifying all individuals involved in the misconduct), provision of all facts to the DOJ, making current and former employees available for interviews, and translation of documents. The DOJ further cited the steps that D&B undertook to enhance its compliance program and internal controls, including the termination of eleven employees involved in the misconduct (including senior executives).
Another noteworthy point is that the DOJ agreed to issue a declination under the Policy despite the fact that D&B self-disclosed in 2012, prior to the DOJ's issuance of the Policy, which may indicate that companies that self-disclosed prior to the announcement of the Policy are "grandfathered." The fact that the company self-disclosed to the agencies more than six years prior to the declination could demonstrate that, even with full cooperation and prompt self-disclosure, companies can expect to invest substantial time and resources in order to receive the benefits under the Policy.
- Data Privacy and State Secrecy Violations as Impetus for FCPA Violations: The circumvention of data privacy and state secrecy laws through improper payments to government officials may become increasingly common, given the tightening restrictions on data privacy and data acquisition in many countries. While D&B is the first company to settle with U.S. authorities for FCPA violations related to the improper acquisition of data, Chinese data privacy laws have been at the heart of criminal convictions in the anti-corruption space before. In 2013, two principals from ChinaWhys, a third party due diligence company used by GlaxoSmithKline, were arrested by Chinese authorities for illegal methods used in obtaining information on businesses in connection with the GlaxoSmithKline bribery investigation. With the newly issued GDPR further restricting data acquisition efforts in the EU and of EU citizens, enforcement agencies may scrutinize data privacy violations in terms of potential anti-corruption violations as well. The D&B settlement demonstrates the difficulty of obtaining information in challenging jurisdictions. Companies seeking due diligence information on potential business partners or providers should examine how the data is collected to ensure that they are not enabling the very type of misconduct they are seeking to address.
- Red Flags in Joint Venture Due Diligence: The D&B settlement highlights the importance of addressing and remediating red flags discovered in pre-deal due diligence of joint venture partners. Here, D&B Greater China's management allegedly knew about the legal restrictions on SAIC data and understood that Huaxia employees made payments to SAIC provincial officials to obtain restricted information prior to entering a joint venture partnership with Huaxia. D&B's failure to stop the unlawful payments after the joint venture was formed, despite knowing about the red flags, formed the basis of the company's settlement with the SEC.
Société Générale Resolves FCPA-Related and Other Allegations with U.S. and French Authorities for Over $1 Billion
On June 4, 2018, the French financial services company Société Générale S.A. (Société Générale) and its subsidiary SGA Société Générale Acceptance N.V. (SGA) agreed to resolve FCPA- and Libor-related allegations with the DOJ. On the same day, the Commodity Futures Trading Commission filed an Order in which it determined to accept a settlement offer from Société Générale in connection with Libor-related allegations. These resolutions follow Société Générale's agreement with the French Parquet National Financier (PNF) on May 24, 2018, to resolve the same bribery and Libor-related issues.
To resolve the FCPA and Libor matters with the DOJ, Société Générale entered into a DPA, and SGA pled guilty to a one-count criminal information charging SGA with conspiring to violate the anti-bribery provisions of the FCPA. Société Générale agreed to pay $585,552,888 as a criminal penalty for FCPA-related violations, of which it was to pay $500,000 on behalf of SGA. The DOJ agreed to offset up to $292,776,444 of the FCPA-related penalties against penalties to be paid by Société Générale to the PNF in connection with the same and related issues for violations of French laws. Société Générale also agreed to pay $275,000,000 to the United States in connection with the Libor issues, for a total DOJ resolution amount of $860,552,888. Separately, Société Générale also agreed to pay $475,000,000 to the Commodity Futures Trading Commission pursuant to an Order in connection with Libor-related allegations.
According to the DPA, "[b]y at least 2006," multiple Société Générale employees knew that a Libyan and Italian dual-national, "the Libyan Intermediary," was bribing Libyan government officials to assist Société Générale in securing business with the Libyan government, and the company continued to work with the Libyan Intermediary despite that knowledge. Specifically, Société Générale employees "understood that the Libyan Intermediary was using some portion of commission" amounts he received from Société Générale to bribe a close relative of Muammar Gaddafi and several state bank employees with payments and travel, gifts, and entertainment. Société Générale employees concealed the commission payments to the Libyan Intermediary (including the intended bribe payments to officials) by recording them in records as "introduction" services or for being an "introducing broker." In total, Société Générale sold to the Libyan government 13 structured notes and one restructuring worth approximately $3.66 billion, on which Société Générale earned a profit of approximately $523 million. From 2005 until 2009, Société Générale paid the Libyan Intermediary a commission on each of the product sales to the Libyan State Agencies (the Libyan Investment Authority (LIA), Economic and Social Development Fund, Libyan Arab Foreign Bank, and Central Bank of Libya). The commission ranged from 1.5 percent to 3 percent and totaled approximately $91 million. Société Générale sent the payments to the Libyan Intermediary's Panamanian bank account.
According to the DPA, during the relevant time period, some Société Générale employees knew that the Libyan Intermediary had threatened and intimidated Libyan state agencies to hire certain individuals. And, according to the DPA, Société Générale employees actively sought to conceal their relationship with the Libyan Intermediary from the LIA. Société Générale was required to disclose its payments to the Panamanian company of the Libyan Intermediary on term sheets for business with Libyan banks. The DPA states that Société Générale employees specifically sought to hide these payments with small font and non-standard typeface. When new management of the LIA inquired about the Libyan Intermediary's Panamanian company in 2010, Société Générale employees responded to the LIA's inquiry with "false and misleading information."
As discussed further in our coverage of the Legg Mason settlement, in seven of Société Générale's 14 transactions, Société Générale paid commissions to the Libyan Intermediary for the benefit of Legg Mason, Inc., a Maryland-based investment management firm, which, through a subsidiary, managed funds invested by the Libyan state agencies, according to the DOJ. Legg Mason Inc. entered into a Non-Prosecution Agreement with the DOJ on June 4, 2018.
- First Coordinated Settlement between U.S. and French Authorities: Société Générale's settlement with the PNF represents the first coordinated FCPA-related settlement between U.S. and French authorities. As it has in other situations, the DOJ is crediting up to 50 percent of what it would have received in penalties towards the penalty payments being made by Société Générale to French authorities. The PNF was established in 2014 and reportedly began investigating Société Générale the same year. Following Sapin II, the French anti-corruption law that entered into force in November 2016, the Société Générale resolution demonstrates an increased focus by French authorities on anti-corruption enforcement, as well as demonstrates increased anti-corruption cooperation and enforcement coordination between French and U.S. authorities.
- Prosecution of Individuals: There are indications in media reports that the United States and France may have reached an agreement to divide up the prosecution of individuals by nationality. Specifically, one report noted that French Prosecutor Éliane Houlette recently stated that France intended to prosecute involved French individuals, while the United States would prosecute American and Libyan individuals.
- Compliance Program Monitoring by French Authorities: Société Générale's DPA requires it to report to the DOJ annually during the term of the DPA, "consistent with [Société Générale's] obligations to report to the PNF and the [Agence Française Anticorruption or AFA]." This language may signify that the DOJ in effect deferred to French government monitoring of Société Générale's compliance program rather than requiring an independent compliance monitor itself. According to the terms of Société Générale's resolution with the PNF, Société Générale undertakes to have the AFA monitor its compliance program for a period of two years and to reimburse costs incurred by the AFA for experts up to $3 million.
- Separate Civil Settlement by Société Générale with Libyan Investment Authority: Various sources (including a Société Générale press release, the DPA, and the French resolution) report that Société Générale entered into a civil settlement in May 2017 with the LIA. Both Société Générale's resolution with the French authorities and the company's DPA mention and appear to give credit to Société Générale for this settlement. The French resolution specifically notes that Société Générale's settlement with the LIA compensated the LIA for its losses related to the matter and drew attention to Société Générale's apology to the LIA. According to the French resolution, Société Générale agreed to pay $963 million Euros to the LIA. We have seen no indication that U.S. or French authorities cooperated in the civil dispute between Société Générale and the LIA. Additionally, neither the DPA nor the French resolution is clear on the exact monetary consequences of the civil settlement for Société Générale's resolutions with U.S. or French authorities, although the French resolution indicates that Société Générale said it met its obligation to indemnify LIA as a victim. Notably, Sapin II allows prosecutors to require victim compensation in addition to any penalty.
On June 4, 2018, Legg Mason, Inc. (Legg Mason), a Baltimore, Maryland-based investment management firm, entered into a three-year NPA with the DOJ, agreeing to pay $64.2 million to resolve the DOJ's investigation into violations of the FCPA in connection with the participation of a company subsidiary in a Libyan bribery scheme. The charges against Legg Mason included participation in a scheme to pass on bribes to high-level Libyan government officials, maintaining false books and records, failure to implement adequate internal accounting controls, circumvention of internal controls, and conspiracy to violate the FCPA. The subsidiary, Permal Group Ltd. (Permal), which Legg Mason acquired in 2005, was a hedge fund that had been managing money on behalf of the Libyan government in the years before the fall of Muammar Gadhafi's regime in 2011. The DOJ investigation concerned Permal's activities related to managing assets of Libyan governmental entities in financial deals set up by Société Générale S.A. (Société Générale), discussed in greater detail above. The investigation arose from the actions of former Permal employees who had left the firm at least four years ago and concerned investment deals that were made between 2005 and 2007 and terminated by 2012.
Legg Mason entered into a NPA and agreed to pay $64.2 million to resolve the FCPA enforcement action, including a monetary penalty of $32.625 million and disgorgement of $31.618 million. The company also agreed to continue to cooperate with the DOJ in any ongoing investigations and prosecutions relating to the misconduct, including of individuals, and to enhance its compliance program and report to the DOJ on its implementation of the program and related internal accounting controls over a three-year period.
According to the NPA, Permal had partnered with Société Générale to solicit business from state-owned financial institutions in Libya between 2004 and 2010. During that period, "Société Générale paid bribes through a Libyan 'broker' in connection with fourteen investments made by Libyan state-owned financial institutions" – the same "Libyan Intermediary" at the center of the allegations against Société Générale. According to the DOJ, Société Générale paid the Libyan broker more than $90 million in commissions, a portion of which was passed on to high-level Libyan officials to secure the investments from various Libyan state institutions for Société Générale. Because of the corrupt scheme, Société Générale obtained one restructuring transaction and several investments from Libyan state-owned institutions worth approximately $3.66 billion, on which Société Générale earned profits of more than $523 million. Legg Mason, through Permal, managed seven of those investments and earned profits of approximately $32 million.
According to the Statement of Facts stipulated in the NPA, Legg Mason's wholly-owned subsidiary Permal had sought investments from several of Libya's state investment agencies following the lifting of the economic sanctions against the country in 2005. Two Permal employees conspired with Société Générale employees to pay a Libyan intermediary in exchange for the intermediary's efforts to encourage investments by the Libyan state agencies. The Permal employees had established the relationship with the Libyan intermediary as early as 2004 and sought direct investments from the Libyan agencies. However, the agencies ultimately bought Société Générale notes, which were linked to performance of investment funds managed by Permal.
Although the DOJ's settlement announcement acknowledged the cooperation and assistance of the SEC, the SEC was not party to the resolution. However, on the day of the settlement with the DOJ, in a letter to shareholders, Joseph Sullivan, Legg Mason's Chairman and CEO, said that the company expected to reach "a settlement in principle" soon with the SEC regarding the bribery scheme charges. Sullivan also stated that the company was "pleased to put the U.S. Department of Justice portion of this matter behind us."
On the same day that the DOJ settled the charges with Legg Mason, the DOJ announced its FCPA resolution with Société Générale and its wholly-owned subsidiary SGA Société Générale Acceptance N.V., related to the same scheme to bribe Libyan government officials and other charges related to interest rate manipulation.
- Importance of Voluntary Self-Disclosure, Cooperation, and Remediation: Legg Mason's settlement emphasizes the high value that the DOJ continues to place on voluntary self-disclosure, cooperation, and remediation—and the cooperation credit that companies can receive if they voluntarily and timely self-disclose, fully cooperate with the authorities, and implement the appropriate remedial measures. Specifically, the NPA makes clear that the DOJ reached the resolution with Legg Mason based on several mitigating factors. First, although the company did not receive voluntary disclosure credit because it did not voluntarily and timely disclose the misconduct, it fully cooperated in the investigation and fully remediated. Second, the investigation determined that Legg Mason's misconduct had involved only two mid-to-lower level employees of Permal and was not pervasive throughout Legg Mason or Permal. In contrast, although Permal employees had introduced the Libyan broker to Société Générale, it was Société Générale, rather than Legg Mason or Permal, that maintained the relationship with the Libyan broker and was responsible for originating and leading the scheme. Third, the DOJ noted that the profits earned by Legg Mason and Permal were less than 10 percent of the profits earned by its co-conspirator, Société Générale. Finally, the DOJ emphasized that neither Legg Mason nor Permal had a history of similar misconduct. As a result, the company received full cooperation credit, an NPA as an "appropriate resolution" of the matter, "a criminal penalty with an aggregate discount of 25% off of the bottom of the U.S. Sentencing Guidelines fine range, and disgorgement of the illicit gains." Importantly, the NPA stated that based on the company's remediation and the state of its compliance program, and the company's agreement to report to the DOJ periodically, the DOJ determined that an independent compliance monitor was unnecessary. In particular, prior to entering into the NPA and in addition to fully cooperating with the investigation, Legg Mason had implemented several remedial measures, including adding full-time legal and compliance employees and a designated anti-corruption officer; initiating internal audit reviews of its policies in this area; enhancing and regularizing employee training, including routine in-person training and quarterly external training; and instituting compliance oversight across a broad category of business expenditures.
- Credit for Payments to Other Enforcement Authorities: The NPA stated that the DOJ would "credit any disgorgement paid by the Company" to other law enforcement authorities. Although this language likely alludes to Legg Mason's potential upcoming settlement with the SEC, it also shows the DOJ's intention, pursuant to new policy and guidelines announced by Deputy Attorney General Rod Rosenstein on May 9, 2018, to avoid assessment of fines and penalties by multiple regulators for the same misconduct.
- Application of Agency Theory of Liability: The Legg Mason FCPA resolution assigned criminal liability for the actions of Permal to that company's corporate parent, Legg Mason. The NPA specifically stated that neither Legg Mason nor its employees had been involved in the corrupt scheme to make payments to the Libyan officials. The DOJ recognized that Legg Mason and its employees had not been involved in the wrongdoing, had not conspired to commit an offense, and had not aided and abetted an offense. Rather, the misconduct involved only two mid-level Permal employees and was not pervasive throughout the company. The employees had left Permal at least four years prior to the NPA. The likely reason for this posture is that Permal itself no longer exists, having been dissolved in 2016 and its assets transferred to another entity. Nevertheless, the NPA alleged that Permal had acted as an agent of Legg Mason (thus creating liability for Legg Mason) based on several factors, including, among others, the company's majority ownership of Permal; consolidation of Permal's financial statements into Legg Mason's; the company's and Permal's participation in a net revenue sharing arrangement; and Permal's employees subjected to Legg Mason's Code of Conduct.
On April 13, 2018, in a press release announcing the guilty plea of Aruban telecom official Egbert Yvan Ferdinand Koolman for conspiracy to commit money laundering, the DOJ referenced a guilty plea by Lawrence W. Parker Jr. to one count of conspiracy to violate the FCPA and to commit wire fraud.
According to the DOJ's Information filed on December 20, 2017, Parker, a U.S. citizen and owner or controlling member of at least five telephone companies based in Florida (referred to as Phone Company #1 through Phone Company #5), and while in the Southern District of Florida, discussed in person making bribe payments or "commissions" to Koolman, who was a Product Manager of the Aruban Telecom company Servicio di Telecomunicacion di Aruba N.V. (Setar). Koolman was responsible for purchasing mobile phones and accessories for Setar and thus had influence over the approval and awarding of contracts with vendors. In exchange, Parker, Phone Companies #1-5, and others received confidential business information, including a competing supplier's bid proposal to Setar, and were promised other business. According to the Information, bribe payments were wired from the accounts of Phone Company #1, Phone Company #2, Phone Company #3, and Phone Company #5 to foreign accounts of Koolman. In addition, bribes were paid in cash to Koolman and his ex-wife during meetings in Florida and elsewhere.
To conceal the scheme, Parker and others hid the bribe payments in invoices sent to Setar. The bribe payments highlighted in the Information totaled $85,600, although the total amount of the bribes paid pursuant to the scheme is unclear.
On December 28, 2017, Parker entered a guilty plea and faced a maximum penalty of 60 months imprisonment. On April 12, 2018, the Government filed a Motion for Downward Departure Pursuant to Section 5K1.1 of the U.S. Sentencing Guidelines, recommending a sentence reduction of 33 percent from the low end of the Guidelines range. According to the Government, Parker cooperated since he was first approached by the FBI and provided "substantial assistance" that led to the prosecution of other members of the conspiracy.
On April 30, 2018, U.S. District Court Judge Cecilia Altonaga sentenced Parker to 35 months imprisonment followed by three years of supervised released. Parker must also pay $701,750 in restitution. The decrease in Parker's prison sentence represents an approximately 38.5 percent reduction from the low end of the Presentence Investigation Report prepared for Parker and referenced in the Government's Downward Departure Motion, which was 57 months.
Relatedly and as noted above, on April 13, 2018, Koolman pled guilty to conspiracy to commit money laundering. On June 27, 2018, Koolman was sentenced to 36 months in prison followed by three years of supervised release. He must also pay more than $1.3 million in restitution.
On April 4, 2018, Julia "Vivi" Wang, a naturalized U.S. citizen who was born in China, pleaded guilty to one count of conspiracy to violate the FCPA, one count of violating the FCPA, and one count of submitting fraudulent tax returns. According to the superseding information, Wang wired $500,000 to John W. Ashe, the former Ambassador to the United Nations from Antigua and Barbud and former president of the United Nations General Assembly, to secure an improper advantage for Chinese businesspeople doing business in the Caribbean. Wang's sentencing is scheduled for September 5, 2018; she faces a maximum of five years of imprisonment, a fine of the greater of $250,000 or twice the gross gain to the conspirators or loss to its victims, full restitution, a special assessment, and three years of supervised release.
As reported in our FCPA Autumn Review 2017, a federal jury found a Chinese billionaire, Ng Lap Seng, guilty of paying approximately $1.3 million in bribes to Ashe and Francis Lorenzo, the former U.N. Deputy Ambassador from the Dominican Republic. In exchange for the bribes, Ng received formal U.N. support for a multi-billion dollar conference center he planned to construct in Macau. In May, a federal judge sentenced Ng to 4 years in prison and fined him $1 million. Four other individuals have pled guilty based on related charges, including Lorenzo.
Over the past several months, U.S. District Court Judge for the District of Columbia Rudolph Contreras has dealt two blows to the DOJ's efforts to shield certain information from public disclosure regarding the appointment and work of independent compliance monitors. In both matters, journalists sought access to records pursuant to the Freedom of Information Act (FOIA) and the government either produced documents in redacted form or entirely withheld documents. Although recognizing the validity of some of the government's redactions in both matters, Judge Contreras ultimately ordered the government to provide the journalists with additional information and records, as described below.
First, in March, the court ruled in favor of GIR Just Anti-Corruption reporter Dylan Tokar in his suit against the DOJ that sought records regarding the selection of corporate compliance monitors in fifteen FCPA matters that had been resolved through deferred prosecution agreements. Tokar had sought records containing three types of information: (1) the names of the top three monitors candidates and their associated law firms or consulting firms submitted by the corporations to the DOJ; (2) the names and titles of members of the DOJ's "Standing Committee on the Selection of Monitors" from January 2009 to the present, their dates of service, and "the names of any temporary designees and their dates of service"; and (3) statements submitted by corporations in response to the DOJ's notifications to them regarding Tokar's FOIA request. In response, the DOJ had provided Tokar with a table containing the information requested in (1) and (2) described above, but redacting "the names of the monitor candidates who were nominated but not selected, the firms these candidates worked for if those firms were small, and the names of two members of the DOJ Standing Committee." The DOJ also had provided copies of letters submitted by corporations in response to the DOJ's FOIA notice letters, but redacted the names of unselected monitor candidates, the names of private counsel responding to the DOJ notice, and the names of two DOJ employees involved in the notice process. The DOJ later disclosed the names of all the individuals who served on the monitor selection committee.
In addition to ordering DOJ to search for and to release records reflecting the names contained in the table, the court in March ordered the DOJ to remove redactions of the names of individuals and their associated firms who were not selected to be monitors, the names of private attorneys who responded to the DOJ's letters regarding the FOIA request, and the names of DOJ employees involved in the notice process. The court stated that these redactions were impermissible under the FOIA exemptions cited by the government. The court upheld the DOJ's redaction of certain information contained in one of the letters from a corporation to the DOJ regarding that company's compliance program. The DOJ did not appeal the decision and status reports filed with the court reflect that the DOJ has been working to search for and produce the required documents on a rolling basis.
Second, in June, the District Court ruled partially in favor of 100Reporters LLC (100Reporters) in its action seeking records connected to the Siemens Aktiengesellschaft (Siemens) FCPA monitorship under Dr. Theodor Waigel (the Monitor). 100Reporters sought a number of documents, including the "Monitor's work plans, reviews, and reports" and other records related to the Monitor's evaluation of Siemens. Following initial productions from the DOJ and briefing by the parties, the court directed the DOJ to provide supplemental submissions in support of its assertions of the deliberative process privilege and to provide one of the Monitor's work plans and annual reports, including attachments, to the court for in camera review.
Following that review and supplemental briefing, although the court found that the DOJ was justified in withholding certain information pursuant to the deliberative process privilege, as well as commercial and personal information, the court also found that the DOJ had impermissibly redacted or withheld other records on those same grounds. Specifically, the court determined that the Monitor's work plan and reports contained non-commercial information that could be produced, that final copies of the work plan and monitor report would not be covered by the deliberative process privilege, and that privacy exemptions did not allow the DOJ to withhold the names of monitorship team members and Siemens executives, including board members. The court ultimately held that the "DOJ failed to fulfill its obligation to segregate and disclose non-exempt information" and ordered the DOJ to reexamine its withholdings and redactions in light of the opinion, with the goal of unredacting and producing non-exempt materials. The DOJ has not indicated whether it intends to appeal the decision.
Supreme Court Holds that SEC ALJs are Officers under the Appointments Clause, Specifies that New Hearing before Another ALJ or the SEC is Necessary
In June, the Supreme Court reversed the U.S. Court of Appeals for the D.C. Circuit and held in Lucia v. Securities and Exchange Commission, that the SEC's five administrative law judges (ALJs) are "officers" within the meaning of the Appointments Clause of the Constitution. "Officers" need to be appointed by the President, a court of law, or a head of a department. The SEC ALJs were not appointed by any of those methods and instead were selected by other SEC staff members. The June opinion resolved a circuit split between the D.C. Circuit and the U.S. Court of Appeals for the Tenth Circuit, discussed in our FCPA Winter Review 2017, regarding the constitutionality of the SEC's ALJ system. One week after issuing its opinion in Lucia, the Court denied the SEC's petition for writ of certiorari to review the Tenth Circuit opinion.
Justice Elena Kagan's majority opinion applied a two-part test, taken from the Court's 1879 ruling in United States v. Germaine and 1976 ruling in Buckley v. Valeo, for distinguishing an "officer" from an employee. The test requires that officers, first, have "continuing and permanent" duties and, second, exercise "significant authority." Justice Kagan declined to elaborate on the meaning of the "significant authority" standard, instead reasoning that the case at hand was controlled by the Court's 1991 ruling in Freytag v. Commissioner of Internal Revenue, in which the Court held that the U.S. Tax Court's special trial judges (STJs) were officers. Justice Kagan noted that the SEC ALJs, like the STJs, held "a continuing office established by law" and exercised "significant discretion" in carrying out "important functions," including taking testimony, conducting trials, ruling on evidence admissibility, and having "the power to enforce compliance with discovery orders." Further, the SEC ALJs issue decisions with "potentially more independent effect" than the STJ's decisions because, if the SEC declines to review the ALJ's decisions, they become final.
The Court further held that the appropriate remedy for Mr. Lucia was a new hearing before a constitutionally appointed ALJ. The Court specified that the original ALJ who heard the case could not conduct the new hearing "even if he has by now received (or receives sometime in the future) a constitutional appointment." In a footnote, the Court acknowledged the SEC's November 2017 order "ratifying" the appointment of its ALJs (see FCPA Winter Review 2018) but declined to address its validity, instead stating the SEC had not indicated that it would assign the case "to an ALJ whose claim to authority rests on the ratification order" and it could assign the hearing to itself or to "an ALJ who has received a constitutional appointment independent of the ratification."
In the wake of Lucia, the SEC announced that it was staying all "pending administrative proceedings initiated by an order instituting that commenced the proceeding and set it for hearing before an administrative law judge, including any such proceeding currently pending before the Commission." The stay, announced the same day as the Lucia opinion, was to last "for 30 days or further order of the Commission" and has been extended such that it will remain in effect until at least August 22, 2018. The SEC will have to decide not only how to handle cases against litigants in the same position as Mr. Lucia, for whom the Court has seemingly provided a remedial road map, but also whether it needs to do more than simply "ratify" the appointment of its current ALJs, who have been conducting hearings over the past several months.
In July, President Trump issued an executive order which attempts to forestall challenges to the constitutionality of ALJ's appointed pursuant to 5 U.S.C. § 3105 and serving across the federal government. The executive order explicitly cites Lucia and extrapolates from the opinion that "at least some ‒ and perhaps all ‒ ALJs are 'Officers of the United States' and thus subject to the Constitution's Appointments Clause." Thus, as its title suggests, "The Executive Order Excepting Administrative Law Judges from the Competitive Service" exempts ALJs from existing competitive examination and competition service selection procedures and puts the authority to select such judges in the hands of the agency itself. In addition to stating that the procedural change to the Civil Service Rules will "provide agency heads with additional flexibility" in the selection process and "give agencies greater ability and discretion to assess critical qualities in ALJ candidate," the Executive Order explicitly references litigation risk and states that excepting judges from the regular process will "mitigate concerns about undue limitations on the selection of ALJs, reduce the likelihood of successful Appointments Clause challenges, and forestall litigation in which such concerns have been or might be raised." The order does not affect the appointment of current ALJs.
An April 2018 decision from two judges on the English High Court further calls into question the protection of notes from interviews and could lead the SFO to aggressively seek interview notes during future investigations, particularly where the prosecution of individuals is possible. In R (AL) v. Serious Fraud Office,  EWHC 856 (19 April 2018), Justices Green and Holroyde extensively criticized the SFO for failing to aggressively seek interview notes. The High Court judges said that interview notes are not protected by privilege and that, in any event, oral downloads of the information contained in the interview notes waived any privilege. Though the relevant language is dicta, the sentiment expressed could have serious consequences on the treatment of interview notes by the SFO.
The genesis of the litigation was the SFO's 2016 DPA with XYZ, a company that remains anonymous because of ongoing litigation. One condition of the DPA was that XYZ fully cooperate with the SFO, including disclosure to the SFO of all information and material "not protected by a valid claim of legal professional privilege or any other applicable legal protection against disclosure." Prior to self-disclosing to the SFO, XYZ conducted an internal investigation, which included interviews with four company executives. The SFO requested the notes from those interviews but the company declined, asserting privilege. After much negotiation, the SFO agreed to allow the company's lawyers to provide oral proffers of the interviews instead of the interview notes. The SFO ultimately decided to charge one of the four executives (identified as AL) in what was the first ever criminal prosecution of an individual related to a DPA with the SFO. As part of its disclosure obligations, the SFO turned over transcripts of the oral proffers. AL sought the complete interview notes but a judge for the Crown Court in England said the SFO's disclosure obligations extended only to documents in its possession. AL then sought judicial review in the High Court of England of the decision by the SFO not to pursue XYZ for the interview notes under the DPA.
In an opinion in April 2018, the High Court held that it did not have jurisdiction to hear the claims by AL, making the rest of the opinion dicta. Still, the opinion is significant for what it says about the protection of interview notes in an internal investigation, or lack thereof, particularly where the company decides to cooperate with the government. The court described the process of receiving oral proffers as "highly artificial" and said, "We do not know why the SFO did not simply demand, robustly, that the written summaries used by the lawyer . . . be handed over." The High Court harshly criticized the SFO, saying that the interview notes are clearly not privileged and, even if they were, that privilege would have been waived by XYZ's decision to offer oral proffers.
Though it is generally believed that the full scope of the litigation privilege with regard to interview notes remains unclear, the High Court believed that "[t]he law as it stands today is settled. Privilege does not apply to first interview notes." The SFO had taken the position that XYZ's argument of privilege was "not obviously invalid." The court rejected that test, saying "[s]omething that is not 'obviously' wrong may still be thoroughly wrong on proper, detailed, analysis by a competent lawyer." As we previously reported, the English courts have considered the scope of the litigation privilege in two recent cases, SFO v. ENRC and Bilta v. RBS, and some believe the full scope of the privilege as it relates to interview notes remains unclear. In reaching its conclusion, the High Court focused on ENRC and its predecessor case, Three Rivers District Council v. Governor and Company of the Bank of England, but did not address the approach taken in Bilta.
After concluding that the law was clear that interview notes are not protected by privilege, the Court went on to say that, even if that were not true, XYZ waived the privilege by providing oral summaries of the interviews. Because the Court concluded the proffers contained privileged information, it determined the oral proffers amounted to a waiver of privilege and opened the door to disclosure of the underlying interview notes. At the oral proffers, the lawyers for XYZ repeatedly told the SFO that the oral proffers should not be taken as a waiver of attorney client privilege. However, the Court said that if a client objectively waives privilege, it cannot claim the waiver did not exist simply by asserting that there has been no waiver.
Though dicta, the Court's opinion will likely have profound effects upon how the SFO interacts with companies. After the opinion was released, the SFO hinted that it would more vigorously seek interview notes going forward, saying in a statement that "[w]e will certainly seek to ensure that our future approach to such matters reflects the Court's findings and observations." In recent years, because of decisions like Three Rivers and ENRC, companies conducting internal investigations with an eye toward interacting with the SFO have had to carefully consider whether their interview notes would be protected by privilege. The ENRC appeal is still pending and will have an effect on this area of law, but after R (AL) v. SFO, it is significantly less likely that companies will be able to withhold interview notes from the SFO.
In addition, companies must weigh the benefits of fully cooperating with the government against the possibility of waiving privilege through oral proffers. This U.K. decision follows on the heels of a decision in SEC v. Herrera, No. 17-20301, ECF No. 71, (S.D. Fl. Dec. 5, 2017), which similarly held that work-product protection was waived when attorneys disclosed information about the interviews to the SEC in oral downloads. The decision in Herrera turned on the fact that the oral download was so detailed that it was "the functional equivalent" of the actual notes, hinting that the argument for privilege would be stronger if the oral downloads had contained only vague references to the substance of the interviews or "detail-free conclusions or general impressions."
On May 25, 2018, the European Union's new expansive data privacy regime, the General Data Protection Regulation (GDPR), went into effect. The new law is more restrictive than previous data privacy regulations and will likely have a significant impact on the way both cross-border internal investigations and multi-jurisdictional agency enforcement actions are conducted.
One of the most significant facets of the GDPR is its reach. Firstly, it seeks to protect the "personal data" of individuals who are physically in the EU, and therefore applies to more than just EU citizens and residents by reaching out to give rights to anyone who is in the EU, even temporarily, and who has personal data in the EU (EU data subjects) that an entity wants to access. Second, the types of data protected are defined broadly to include any information related to a natural person that can be used to either directly or indirectly identify him or her. This includes standard identifying information such as name, national identifiers (social security number equivalents), address, medical/biometric information, birthday, etc., but also includes photos, social media posts, email addresses, computer IP information, and portable device location data. In addition, disparate pieces of information that when viewed in the aggregate are sufficient to identify an individual also constitute personal data. This goes beyond what information had been protected by prior data privacy laws.
Another important aspect of the GDPR is its territorial scope. The GDPR seeks to control the activities of companies or other entities, not only operating just in the EU, but also the activities of any company that wants to access, use, store, or otherwise "process" the personal data of individuals who are in the EU – no matter where the company is operating or where the processing would take place. Further, the GDPR continues to restrict the ability of companies or other entities to transfer such data outside of the EU. As a result, the GDPR essentially affects any company anywhere in the world that wants to access or process the personal data of EU data subjects.
Companies affected by the GDPR are divided into two groups, by the functions they will perform. "Controllers" determine why and how personal data is processed (i.e. the purposes and the means) and may process the data themselves. Generally, companies and their lawyers are controllers. On the other hand, "processors" only conduct the processing of the data on behalf of, and at the direction of, a controller. This category would include e-discovery vendors, forensic data firms, etc. Data processing can involve either automated and manual data manipulation – or both – including the collection, organization, storage, alteration, destruction, or dissemination of personal data. The GDPR requires processors to keep detailed records of what personal data they possess and how it is processed. Most importantly, companies will need to carefully document their GDPR relationships and agreements with their lawyers and with entities that process their data.
Processing of personal data may only occur under a strict set of circumstances and only for a clearly articulated and legal purpose, and must be limited to only what is necessary to fulfill the legal basis for the processing. The purposes most applicable in internal and cross-border investigations will include processing that is necessary for a contract with the data subject, necessary for the controller to comply with EU law, or for the controller's "legitimate interest." "Consent" by the data subject is available, as it was in the past, but the GDPR requires that consent be explicit and affirmative, in a clear and intelligible form, using plain language, and gained after an explanation of all privacy rights. Consent can also be withdrawn – at which point the processing would have to cease. Thus, it is now dangerous for companies to rely on consent of the data subjects in an investigation as the basis for processing their data. Moreover, most FCPA and other anti-corruption investigations involve vast amounts of data, so it may not be feasible to obtain consent for every individual.
The most likely legal basis available to most companies conducting investigations is that each company – and its lawyers – have a "legitimate interest." Companies may argue that they have a legitimate interest in investigating, stopping, or preventing possible corruption or addressing internal compliance issues. Law firms may argue that they have a legitimate interest in providing legal advice to their clients. Such investigations and legal advice may result in a company decision to cooperate with a DOJ enforcement action to minimize or possibly eliminate criminal liability and any commensurate financial penalty, which can create tensions with the company's obligations to comply with the GDPR. A further complication with using the "legitimate interest" basis for processing data is that, at some point in the investigative process, companies and their lawyers will need to inform data subjects about what data they have collected and are processing.
Establishing a legal basis for processing personal data does not cover international transfers of the data. Controllers must establish separate justifications, and satisfy separate requirements, to share personal data with third parties located outside of the EU. Indeed, the GDPR generally prohibits a company from sharing personal data with any entity that is not a controller or a processor – which includes non-EU law enforcement agencies. Mutual legal assistance treaties (MLATs) are still available for intergovernmental transfer, but the GDPR does not provide a smooth path for private companies, or their lawyers, to share the personal data of EU data subjects with U.S. regulatory and law enforcement personnel.
The GDPR's expansive data privacy regime can present significant obstacles to organizations that are conducting internal investigations, responding to enforcement actions, or attempting to comply with the DOJ's FCPA Corporate Enforcement Policy. As discussed in our Winter 2018 FCPA Review, this Policy establishes a presumption that a company will receive a declination if it voluntarily discloses an FCPA violation, cooperates with the DOJ's investigation, and properly remediates all unlawful conduct. Under the Policy, self-disclosure and full cooperation require production to the DOJ of all facts relevant to the wrongdoing at issue, which includes the provision of documents, information relating to the involvement and potential culpability of the company's officers, employees, or agents, and making available for interview those company officers and employees who may possess relevant information. The requirement that a company produce all relevant documents, including overseas documents, creates a clear conflict with the GDPR's restrictions on the processing and disclosure of EU data subjects' personal data. And the penalties for violations of or non-compliance with the GDPR are severe—up to four percent of a company's global annual revenue or €20 million, whichever is greater.
A company deciding whether to provide documents and personal data to the U.S. government therefore faces a dilemma. Those wishing to receive lenient treatment for FCPA violations must balance the benefits of a potential declination or a reduced financial penalty with the risk of significant fines under the GDPR. The DOJ Policy places the burden on the company to justify its argument that it cannot disclose documents, and must show specific efforts to identify all available legal avenues to locate and produce relevant material. This tension between the DOJ FCPA Corporate Enforcement Policy and the GDPR will require companies and their external counsel to think creatively about how to collect and produce information sufficient to obtain cooperation credit from the DOJ, while minimizing the risks of liability under the GDPR.
Companies will need to comply with the GDPR to the maximum extent possible, including documenting their legal basis for processing, the specific processing steps undertaken, compliance with the rules related to the international transfer of data to third parties (such as the companies' US law firm and/or litigation support providers) and the efforts they have taken to protect the rights of EU data subjects. Of course, a company's collection, processing, and ultimate production of documents should be as narrowly tailored as possible, while still endeavoring to provide all necessary information about the wrongdoing at issue in order to receive full cooperation credit.
It is expected that more guidance from EU regulatory authorities will be issued in the coming months and years, but the current state is rife with unresolved questions about how the GDPR will work in practice, particularly for companies not based in the EU and for the conduct of internal and external investigations. As cross-border investigations become increasingly complex, the tensions between the FCPA Corporate Enforcement Policy and the GDPR will likely become a cornerstone consideration for every investigation. Companies and external counsel will need to create sophisticated strategies for complying with both enforcement and data privacy regimes to balance the risk and rewards of each.
*Former Miller & Chevalier attorney
The information contained in this communication is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information, please contact one of the senders or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.
This, and related communications, are protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices, and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this presentation without prior written consent of the copyright holder.